Privacy Policy
This policy explains how Ambifest Ltd ("Ambifest", "we", "us") collects, uses and protects your personal data when you use ambifest.com, RSVP to an event, buy a ticket or merch, or contact us.
Who we are
Ambifest Ltd, London, UK, is the data controller for the personal data described in this policy. You can reach us at info@ambifest.com.
Ambifest Ltd's registration with the Information Commissioner's Office (ICO) is currently in progress. This page will be updated with our registration number once complete.
What data we collect
- Contact details you give us — name and email — via the Ambi Con RSVP form or the newsletter sign-up form.
- Order details — name, email and shipping address — when you buy a ticket or merch through Stripe Checkout.
- Payment details are collected and processed entirely by Stripe. We never see or store your card details.
- Correspondence — if you email us directly, we keep that conversation to respond to you.
How we collect it
We collect this data directly from the forms you fill in on this Site. RSVPs are sent to Resend's Audiences platform; newsletter sign-ups to Mailchimp; ticket and merch orders go through Stripe Checkout, with order details recorded in Airtable for fulfilment, and order/ticket confirmation emails sent via Resend.
Why we use it, and our legal basis
- To process and deliver your ticket or merch order (performance of a contract).
- To send you order and event confirmations and updates (contract / legitimate interest).
- To send you marketing updates about Ambifest and Ambi Con — only if you've opted in, and you can unsubscribe at any time (consent).
- To keep basic order records for accounting purposes (legal obligation).
Who we share it with
We use a small number of trusted service providers ("processors") to run the Site, each of whom only receives the data they need to do their specific job:
- Stripe — payment processing for tickets and merch.
- Resend — RSVP handling and transactional order/ticket emails.
- Mailchimp — newsletter sign-up and sending.
- Airtable — internal order and stock tracking for merch.
We do not sell your personal data to anyone.
International transfers
Some of the processors above are based outside the UK/EEA (for example, in the US). Where that's the case, they provide appropriate safeguards — such as Standard Contractual Clauses — as required under UK GDPR.
Cookies
See our Cookie Policy for full detail. In short: this Site doesn't currently set any analytics or tracking cookies itself.
How long we keep your data
Order and transaction records are kept for as long as required for UK tax and accounting purposes (currently 6 years). Newsletter data is kept until you unsubscribe. RSVP data is kept only as long as needed for the relevant event.
Your rights
Under UK GDPR, you have the right to access, correct, delete, restrict or object to our use of your data, and to request your data in a portable format. To exercise any of these rights, email info@ambifest.com. You also have the right to complain to the Information Commissioner's Office (ICO).
Children's data
Our general Ambifest socials are for adults. Ambi Con welcomes under-18s, but a Child ticket must be bought alongside an Adult ticket for the accompanying adult, in the same order — that adult provides any necessary contact details on the child's behalf, and stays with them for the whole visit.
Security
We take reasonable technical and organisational steps to protect your data — for example, API keys and secrets used by this Site are kept server-side and are never exposed in the site's code. No method of transmission over the internet is completely secure.
Changes to this policy
We may update this policy from time to time. The "last updated" date at the top of this page reflects the latest version.
Contact
Questions about this policy or your data? Email info@ambifest.com.
